
Data On Millions Of Americans Leaked Through Open Server 

December 13, 2018 | June 2nd, 2022 | Cybersecurity

Bob Diachenko, the Director of Cyber Risk Research for Hacken, recently made a disturbing discovery. He found an Elasticsearch server open and vulnerable on the internet, without so much as a password to protect it.

Unfortunately, the server was leaking a staggering 73GB of data and had a number of databases cached inside the server’s memory.  In one of those databases, Diachenko discovered more than 56 million records containing personally identifiable information belonging to US citizens around the country.

In the majority of cases, the exposed information was limited to:

  • Full name
  • Email address
  • Street address (including Zip Code)
  • Phone number or numbers
  • IP addresses

Sadly, even to a moderately talented hacker, that’s more than enough information to fake someone’s identity. That means the data has real value on the Dark Web and may be on sale there as you read these words.

Another of the databases contained nearly twenty-six million records containing business information.

In this case, the exposed information included:

  • Company name and brief description
  • Zip codes and carrier routes
  • Latitude and longitude coordinates
  • Census tracts
  • Website addresses
  • Email addresses
  • Employee headcounts
  • Revenue numbers
  • Phone numbers
  • SIC codes
  • NAICS codes
  • And the like

Diachenko made the discovery on November 20th, but upon further research discovered that the server had actually been indexed by Shodan on November 14th. He was not able to determine who owned the exposed server, but based on a few breadcrumbs he did find, he concluded that it’s likely owned by the Canadian data firm “Data and Leads,” or that the company is at least indirectly connected to the server somehow.

The firm did not respond to inquiries made by Diachenko, or later, by ZDNet. Shortly after those requests for comment were made, the company’s website mysteriously went down.

The apparent cause of this breach is the same thing that’s caused other recent Elasticsearch breaches. In a shocking number of cases, admins don’t bother to set up passwords for their servers, which they later leave exposed on the internet. It's an easy problem to fix, but it raises the question: Are your servers password protected?

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He is a past member of the Entrepreneurs’ Organization and a current member of the New Jersey Power Partners and the Executive Association of New Jersey, where he has previously served on the board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.